Aligned alloc/free might have bug

[jibsen]

I just took a quick look through squash-memory.c, and noticed:

squash/squash/squash-memory.c

Lines 227 to 232 in bcf1acf

	size_t padding = alignment - (addr % alignment);
	if (padding < sizeof(void*))
	padding += alignment;
	assert ((padding + size) <= ms);
	memcpy ((void*) (addr + padding - sizeof(void*)), &ptr, sizeof(void*));

If, say, alignment is 2, then padding is <= 2, and padding + alignment is still less than the size of a void pointer, so the memcpy will write before the start of the allocated memory.

squash/squash/squash-memory.c

Line 249 in bcf1acf

squash_memfns.free ((void*) (((uintptr_t) ptr) - sizeof(void*)));

As far as I can tell this attempts to free the address at which the original pointer is stored, rather than the actual original pointer. I think there should be a read using memcpy somewhere.

I don't have time to look into this further at the moment, I just wanted to create an issue while I remembered.